Bridged Adversarial Training
Hoki Kim, Woojin Lee, Sungyoon Lee, Jaewook Lee
TL;DR
This paper introduces Bridged Adversarial Training, a novel method that improves robustness of neural networks by addressing the gap between clean and adversarial examples, supported by theoretical and empirical evidence.
Contribution
It proposes a new adversarial training approach that mitigates the negative effects of smoothness regularizers and enhances robustness against large perturbations.
Findings
Bridged adversarial training improves robustness stability.
The method outperforms existing techniques on large perturbations.
Theoretical analysis supports empirical results.
Abstract
Adversarial robustness is considered as a required property of deep neural networks. In this study, we discover that adversarially trained models might have significantly different characteristics in terms of margin and smoothness, even they show similar robustness. Inspired by the observation, we investigate the effect of different regularizers and discover the negative effect of the smoothness regularizer on maximizing the margin. Based on the analyses, we propose a new method called bridged adversarial training that mitigates the negative effect by bridging the gap between clean and adversarial examples. We provide theoretical and empirical evidence that the proposed method provides stable and better robustness, especially for large perturbations.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Integrated Circuits and Semiconductor Failure Analysis